How to create and configure User Profiles
For your organisation’s staff to act as hosts who can create temporary eduroam visitor accounts, a profile that defines their user permissions must first be created in eVA. As an eVA Organisation Administrator, user profiles are quick and easy for you to create, but it is important to think carefully about their design and access permissions. This will prevent unintentional or deliberate unauthorised use of eduroam Visitor Access.
Note: Without profiles, users can log on to eduroam Visitor Access, but they cannot use it to create visitor accounts. Note that this also applies to Global administrator accounts, so make sure to create a profile for yourself if you want the ability to create guest accounts and SMS Events.
Profile Types
eduroam Visitor Access has three profile types:
Email Profiles
Only role "Staff" can be used in our context (no organisation in Tuakiri provides the employee role). These profiles are valid for one person only and are based on the user's e-mail address.
Group Profiles
These types of profiles are valid for several users and are based on the e-mail addresses of users that have been placed in a group. Every group has its own configuration. If several users have the same configuration, we recommend giving them a group profile rather than create several individual personal profiles via Tuakiri.
Role-based profiles
These profiles are valid for groups of users with the same role. This type of role is based on the ‘eduPersonScopedAffiliation’ attribute “Staff”. The organisation’s federated identity management system provides this attribute when the user logs on to eduroam Visitor Access Tuakiri.
If a user matches a role-based profile but also has a personal profile, the rights of the personal profile will apply. You can create a role-based profile with a global configuration for a large group of users and create a personal profile for an individual with a different configuration (with more rights, for example).
Rights Within a Profile
When you create a profile, you can choose to give the user(s) of that profile one or more of the following rights:
Users with this profile may add visitors.
Users with this profile may upload batches of visitors (creation of visitor accounts through the upload of a .csv file).
Users with this profile may create groups (creation of groups of eVA Visitors that are not linked to an individual).
Users with this profile may create SMS Events (creation of time-boxed events where visitors can gain access to the eduroam Wi-Fi network using an SMS keyword).
Note: It is important to assign the “Users with this profile may create groups” and the “Users with this profile may create SMS Events” rights to a very limited group of users. These functions allow the user to create temporary eduroam accounts without knowing who will be using them. Improper use of these functions can have a significant negative impact on your organisation’s networks and that of other eduroam providers.
How to Create a Profile
Log on to eduroam Visitor Access at https://eva.eduroam.nz. From the main menu, click on Admin > Profiles and select “Create profile”. The following screen appears:
Choose one of the following options:
Individual Profile - personal profile based on the user's e-mail address.
Group Profile - group profile based on e-mail addresses of users in the group.
Role Profile - role-based profile based on the user's eduPersonScopedAffiliation attribute.
E-mail Profile Fields Descriptions
Profile Name | Name of the profile you are creating (i.e. "Organisational staff members") |
SAML E-mail Address(es)
|
|
| |
SAML eduPersonAffiliation Role | This field is only displayed for "Role" profiles. Select "Staff" for Tuakiri from the drop-down list |
Maximum Number of eVA Accounts that can be Created | The maximum number of visitors that the users in the profile can create (have active at a given time) |
Maximum Access Period that Can be Granted (in days) | The maximum period (number of days) that the users in the profile can assign to a visitor account |
Profile Permissions | Tick one or several options (as described in Section 2.3.2) |
How to Edit or Delete a Profile
To view your previously created profiles, from the main menu, click on Admin > Profiles.
Click on
to edit the profile details.Click on
to delete the profile.Click on
to edit or delete the e-mail addresses. This icon is only visible for group profiles.
Note: If you delete a profile, the rights of the host user(s) in this profile expire, however any temporary eduroam visitor accounts that the users had previously created will remain active until the end of the validity period.
“All Visitors” Overview
eVA Global Administrators can view all visitor accounts for their own organisation; however, editing and deleting visitor accounts can only be done by CERT members or by the users that created the visitor accounts.
In the main menu, click on Admin > All visitors to view an overview of all visitor accounts (including “Future”, “Active”, “Ended” and “Expired” accounts).
In the main menu, click on CERT > All Visitors.
You have the following options:
Search for accounts.
Edit account (click on the link in the “Visitor ID” column).
Click on
to delete an account.